in reply to Re: About .htaccess
in thread About .htaccess

Well i just typed it like this to show that itwas the hashed one, but for greater security i now have it as:

.htaccess 
AuthUserFile .htpasswd
AuthType Digest
AuthName "Private Area"
require Nikos

[download]
.htpasswd 
Nikos:Private Area:digest encrypted string

[download]
All these files are inside the cgi-bin folder but even if i enter the coorect user nad pass i still cant see games.pl and i cant see why!
Iis this line correct? AuthUserFile .htpasswd

Replies are listed 'Best First'.
Re^3: About .htaccess
by CountZero (Bishop) on Jun 12, 2005 at 15:35 UTC
    Did you try using the full path to the .htpasswd file? ("drive:/full/path/to/.passwd").

    If I'm not mistaken, security-wise it is a bad idea to put this file in the cgi-bin folder. It should even be put outside your htdocs-folder.

    Are you sure that your configuration file is OK and that other cgi-bin scipts run as expected?

    Update:If you use relative paths, they are relative to the server-root! This is what the docs for Apache say in that respect:

    AuthUserFile Directive

    Description:Sets the name of a text file containing the list of users and passwords for authentication
    Syntax:AuthUserFile file-path
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Base
    Module:mod_auth

    The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom